CLAIMS 



1. An apparatus comprising:

at least one processor;

a memory coupled to the at least one processor;

a directory service server that accesses a directory that has a plurality of entries, the plurality of entries including at least one proxy entry that contains security information for a corresponding protected resource, the directory service server including authentication and authorization functions that determine whether a selected one of the plurality of entries may be accessed;

a plurality of protected resources that are not stored or contained within the directory;

an application residing in the memory and executed by the at least one processor, the application including a logical mapping that correlates each protected resource with a corresponding proxy entry, the application determining whether the application is authorized to access a selected protected resource by invoking the authentication and authorization functions in the directory service server to determine whether the proxy entry corresponding to the selected resource may be accessed, and if so, the application accesses the selected protected resource.

2. The apparatus of claim 1 wherein the directory service server is a Lightweight Directory Access Protocol (LDAP) server, and wherein the directory is an LDAP directory.

3. The apparatus of claim 1 wherein the application does not access the selected protected resource if the proxy entry corresponding to the selected resource cannot be accessed.

4. A method for a directory service that contains a proxy entry corresponding to an external protected resource to provide authentication and authorization functions to a software application, the method comprising the steps of:

(A) when the software application needs to access the external protected resource, performing the steps of:

(A1) identifying a proxy entry that corresponds to the external protected resource;

(A2) the software application requesting from the directory service access to the proxy entry that corresponds to the external protected resource; and

(A3) if the directory service grants access to the proxy entry that corresponds to the external protected resource, the application accesses the external protected resource.

5. The method of claim 4 further comprising the step of:

(A4) if the directory service denies access to the proxy entry that corresponds to the external protected resource, the application does not access the protected resource.



Docket No. ROC9-2000-0230-US1 






6. A method for a directory service to provide authentication and authorization functions to a software application, the method comprising the steps of:

(A) determining which of a plurality of resources require protection;

(B) creating a proxy entry in the directory service for each protected resource;

(C) generating a logical mapping that correlates each protected resource to its corresponding proxy entry;

(D) when the software application needs to access a selected protected resource, performing the steps of:

(D1) using the logical mapping to identify a proxy entry that corresponds to the selected protected resource;

(D2) the software application requesting from the directory service access to the identified proxy entry; and

(D3) if the directory service grants access to the identified proxy entry, the application accesses the selected protected resource.

7. The method of claim 6 further comprising the step of:

(D4) if the directory service denies access to the proxy entry that corresponds to the selected protected resource, the application does not access the selected protected resource.

8. A program product comprising:

(A) a software application that uses a logical mapping that correlates a plurality of protected resources that are not stored or contained within the directory with corresponding proxy entries in a directory service that is managed by a directory service server, the application determining whether the application is authorized to access a selected protected resource by invoking authentication and authorization functions in the directory service server to determine whether the proxy entry corresponding to the selected resource may be accessed, and if so, the application accesses the selected protected resource; and

(B) computer-readable signal bearing media bearing the software application.

9. The program product of claim 8 wherein the signal bearing media comprises recordable media.

10. The program product of claim 8 wherein the signal bearing media comprises transmission media.

11. The program product of claim 8 wherein the directory service server is a Lightweight Directory Access Protocol (LDAP) server, and wherein the directory is an LDAP directory.

12. The program product of claim 8 wherein the application does not access the selected protected resource if the proxy entry corresponding to the selected resource cannot be accessed.
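
The flow of steps (C) and (D1) to (D4) in claims 6 and 7, shown as an added illustration that is not part of the claims or of any implementation by the applicant. The directory is an in-memory stand-in rather than a real LDAP server, and every name, DN, password and resource below is a constructed assumption.

```python
import hmac
from dataclasses import dataclass

class AccessDenied(Exception):
    """Raised when the directory does not grant access to the proxy entry."""

@dataclass
class ToyDirectory:
    """In-memory stand-in for a directory service server (constructed data)."""
    passwords: dict   # bind DN -> password (authentication data)
    acls: dict        # proxy entry DN -> set of bind DNs allowed to access it

    def may_access(self, bind_dn, password, entry_dn):
        stored = self.passwords.get(bind_dn)
        # Authentication: unknown identity or wrong password is a denial.
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return False
        # Authorization: an entry with no ACL is denied, never allowed by default.
        return bind_dn in self.acls.get(entry_dn, set())

# Step (C): logical mapping from each protected resource to its proxy entry.
PROXY_MAP = {
    "payroll-db": "cn=payroll-proxy,ou=resources,o=example",
    "build-queue": "cn=build-proxy,ou=resources,o=example",
}
# The protected resources live outside the directory (constructed sample).
EXTERNAL_RESOURCES = {"payroll-db": "payroll rows", "build-queue": "queued jobs",
                      "unmapped-share": "files"}

def access_resource(directory, bind_dn, password, resource):
    proxy_dn = PROXY_MAP.get(resource)                          # step (D1)
    if proxy_dn is None:
        # A resource with no proxy entry cannot be checked, so fail closed.
        raise AccessDenied(f"no proxy entry mapped for {resource}")
    if not directory.may_access(bind_dn, password, proxy_dn):   # step (D2)
        raise AccessDenied(f"directory denied {bind_dn} on {proxy_dn}")  # step (D4)
    return EXTERNAL_RESOURCES[resource]                         # step (D3)

DIRECTORY = ToyDirectory(
    passwords={"uid=alice,o=example": "s3cret-constructed",
               "uid=bob,o=example": "pw-constructed"},
    acls={"cn=payroll-proxy,ou=resources,o=example": {"uid=alice,o=example"}},
)

def is_allowed(bind_dn, password, resource):
    try:
        access_resource(DIRECTORY, bind_dn, password, resource)
        return True
    except AccessDenied:
        return False
```

The check only protects the resource if every access path goes through `access_resource`; the claims place the enforcement in the application, so a path that reads the external resource directly bypasses the directory's decision.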